Hi Rajesh,

thanks for the rules, solved it for me.

Best Regards

on behalf of
Jan Hartmann
IT Administrator Groupware
phone: +49 2371 820 298
fax: +49 2371 211 443
e-mail: j.hartm...@kirchhoff-automotive.com

KIRCHHOFF Witte GmbH
c/o KIRCHHOFF Automotive GmbH
Stefanstrasse 2
58638 Iserlohn
Germany

KIRCHHOFF Witte GmbH | HRB 6370, Iserlohn District Court | Registered office: 58640 Iserlohn | Managing Directors: Dipl.-Ing. Jürgen Wolfgang Kirchhoff, Andreas Haase, Dipl.-Ing. Stefan Leitzgen | http://www.kirchhoff-automotive.com

-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Rajesh M
Sent: Wednesday, 14 October 2015 08:37
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] Trouble with foxhole

Hi,

foxhole_all.cdb is basically a text file; the content is as given below, which you can edit to suit your convenience. I have also attached the same file. What I have will block all the following extensions even if they are hidden within 7z, rar, zip, arj, cab files.
You would need to copy this file inside /var/lib/clamav/ or whichever folder has your daily.cld file and then restart clam.

Sanesecurity.Foxhole.7z:CL_TYPE_7Z:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
Sanesecurity.Foxhole.Rar:CL_TYPE_RAR:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
Sanesecurity.Foxhole.Zip:CL_TYPE_ZIP:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
Sanesecurity.Foxhole.Arj:CL_TYPE_ARJ:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
Sanesecurity.Foxhole.Cab:CL_TYPE_MSCAB:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*

rajesh

----- Original Message -----
From: Hartmann, Jan [mailto:j.hartm...@kirchhoff-automotive.com]
To: clamav-users@lists.clamav.net
Sent: Wed, 14 Oct 2015 06:23:41 +0000
Subject: [clamav-users] Trouble with foxhole

Hi,

Today we had a lot of problems with exe files hidden in zip archives. I tried to add the foxholedb to our clamav, but sadly it didn't recognize the exe in the zip.
clamscan --database=/var/lib/clamav/foxhole_generic.cdb fatuousness\ paging\ policy\ work\ regulations.zip
fatuousness paging policy work regulations.zip: OK

----------- SCAN SUMMARY -----------
Known viruses: 185
Engine version: 0.98.7
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.05 MB
Data read: 0.02 MB (ratio 2.60:1)

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
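
Added example (not part of the original thread, and not Sanesecurity or ClamAV code): a small Python check that parses .cdb container-metadata rules like the ones quoted above and reports which member names of a zip archive the CL_TYPE_ZIP rule would flag, useful for testing an edited extension list before copying the file next to daily.cld. It assumes the 10-field rule form shown in the thread and approximates ClamAV's filename regex with Python's re module; the sample archive and its file names are constructed.

```python
import io
import re
import zipfile

# Zip rule copied from the message above; the other rules differ only in name and type.
RULES = r"""
Sanesecurity.Foxhole.Zip:CL_TYPE_ZIP:*:(?i)\.(ace|ade|adp|arc|arj|b64|bat|bhx|cab|chm|cmd|com|cpl|dll|exe|hqx|hta|inf|ins|iso|isp|jar|js|jse|lib|lnk|lzh|mim|msp|mst|pif|reg|scf|scr|sct|shb|shs|sys|taz|tgz|tz|url|uu|uue|vb|vbe|vbs|vxd|wsc|wsf|wsh|xxe|z)$:*:*:*:*:*:*
"""

def parse_cdb(text):
    """Return (rule_name, container_type, compiled_regex) for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # Take 3 fields from the left and 6 from the right, so a ':' inside
        # the filename regex does not break parsing (10-field form assumed).
        name, ctype, _container_size, rest = line.split(":", 3)
        pattern = rest.rsplit(":", 6)[0]
        rules.append((name, ctype, re.compile(pattern)))
    return rules

def zip_hits(zip_bytes, rules):
    """Map member name -> rule name for members a CL_TYPE_ZIP rule would flag."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.namelist():
            for name, ctype, rx in rules:
                if ctype == "CL_TYPE_ZIP" and rx.search(member):
                    hits[member] = name
                    break
    return hits

def sample_zip(names):
    """Build a constructed in-memory zip with harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    names = ["report.pdf", "invoice.pdf.exe", "Setup.EXE", "notes.exe.txt", "docs/run.js"]
    for member, rule in zip_hits(sample_zip(names), parse_cdb(RULES)).items():
        print(f"{member}: {rule} FOUND")
```

The `(?i)` prefix makes `Setup.EXE` match, while the `$` anchor means `notes.exe.txt` is not flagged because only the final extension is compared.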